by georgemcbay
4350 days ago
The second one is possible with nothing other than an Amazon order number and some human social engineering; earlier this summer I got hit with someone who gained access to my Amazon order number for an Xbox One (I assume this happened because I was recycling my physical Amazon pack-in invoices [which included the order number] without shredding them), that person chatted with an Amazon CSR and got them to send a replacement order (saying the first never came) and even convinced them to send the replacement to another address that had never been associated with my account (which was a remailer service in Oregon). Even worse, they did this twice (two replacement orders for the same item sent to the same place staggered over 2 days).

I can imagine it would be much, much easier for such social-engineering replacement fraud to happen if someone actually had access to your account with all of its order number data in the clear. They would be restricted to just reordering things you've already ordered in the past, but I imagine that it doesn't take too many incidents on your account (especially if they figure out you've given your password away freely to a third party) before Amazon shuts you down, with all of the pain associated with that if you're a Prime/Kindle/etc. user.

This seems like a cool service, but there's no way in hell I'm giving anyone my Amazon password for any purpose.